Scope-based permissions

Permissions for Akamai Control Center users are managed using scopes. Scopes are determined by a user’s name, and the terms of the contract also play a role in determining a user’s permissions

In previous Global Traffic Management releases, portal users were created with a specific role. Each role had specific access permissions associated with it that were bundled into GTM and other Akamai products. Contracts also included specific engineering products. In these versions, creating a user with specified roles in a specific contract dictated what permissions are allowed for a user.

This new GTM release is similar to past releases but permissions are replaced and simplified with scopes. In previous releases, a user’s name had a role in determining the permissions available for that name. With this release of GTM, scopes are now determined by a user’s name, and the terms of the contract also play a role in determining a user’s permissions.

There are three scope levels:
  • View: You can view and read about the domains but cannot save, add, or edit anything. None of the UI buttons or fields are active except for actions that only need View scope, such as viewing the domain history or downloading the domain’s configuration from the top of a domain’s page.
  • Add: You can add a domain but only for those contracts in which you have an Add scope. The Add New Domain page will display and all buttons and fields are enabled in this case. If you do not have Add scope the Add New Domain page will display an error message and all buttons and tabs will be grayed out. Note that you cannot add new data centers if you have a performance plus domain with this scope. The ability to add a new data center will only be enabled if the domain is not a performance plus domain, and you have Add and Edit domain rights.
  • Edit: You can perform several functions within the domain and its properties, data centers, maps, and other functions. For example, you can delete a property or create a new geographic map. You can perform create, edit, and delete functions on a domain but you cannot add a new domain or new data center with Edit scope. All UI buttons and fields are active.

There is currently no scope to delete a domain at this time. Contact Akamai Support if you need to delete a domain.

When you start GTM, it checks for all the contracts you can access as well as the features and scopes for those contracts. It determines the scopes available for each contract. The contracts returned will not be restricted by data passed from the client. The exception to this is the Add scope. This scope will only be in the scope list if the contract ID belongs to the group ID passed by the client.

To determine if you have Add scope, the contracts are checked to see if any of them have that scope. If they do have Add scope you can add domains. On the Add New Domain page the contract menu will list only those contracts that have Add scope. You will see the Contract menu even if you only have one contract. This is to let you know which contract you are adding a domain to.

Per-domain attributes

Control Center scopes for GTM are controlled at the contract level. If you want one user to be able to edit one property and another user to be able to edit another property, then the two properties must belong to different GTM domains.

You can configure load feedback (on or off). The listed attributes are administrative settings that can be changed by Akamai. If you want two properties to differ in one or more of these settings, then the two properties must below to different domains:
  • Load feedback (on or off)
  • Minimum allowed test interval
  • Maximum allowed test timeout
  • Minimum allowed TTL
  • Maximum allowed TTL
  • Round-robin prefix
  • Maximum number of properties involved

Contact Akamai for a full list of these attributes.